Keeps a sharp eye on security as it moves to the AWS cloud

Overview

A pioneer in the development and production of ophthalmic lenses, Essilor of America Inc. is the leading manufacturer of optical lenses in the United States. The company employs more than 12,000 people throughout North America and leads the market in progressive, high-index, photochromic, and anti-reflective coated lenses. A subsidiary of Paris-based Essilor International, Essilor of America is the largest and most trusted optical lab network in the U.S. Essilor designs, manufactures, and markets a wide range of lenses to improve and protect eyesight. Their mission is “improving lives by improving sight”.

In recent years, the company has enjoyed rapid growth through mergers and acquisitions—at times engaging in as many as two acquisitions per month—but such growth comes with its own challenges. Essilor found itself devoting enormous amounts of time and effort to onboard all of these new additions into its traditional data centers. It became clear that the company would have to virtualize its data centers to overcome the limits of their physical systems—and ultimately move to the cloud.

Challenges

In 2010, Essilor took its first step to the cloud by virtualizing its data center footprints. The company soon found that its traditional security solution fell short, particularly with respect to Health Information Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI) requirements. “We realized that our security wasn’t keeping up with our data transformation. Our traditional antivirus solution was delaying processes and our end users were not happy, so we knew we had to explore new security solutions,” said Tanweer Surve, Director of Enterprise Architecture and Cloud Technologies at Essilor.

In 2016, Essilor moved some of their applications to the Amazon Web Services (AWS) cloud. Now, its IT environment consists of four geographical zones across the globe, each with on-premises and co-location data centers, in addition to a hybrid cloud on AWS. Although the move to the cloud simplified onboarding processes, it generated new gaps in security—and with GDPR looming, the company found that compliance was also top-of-mind.

"We needed cloud security that included consolidated billing, a bring-your-own license model, single-pane management capabilities, robust reporting, ease of deployment and use—and only Deep Security as a Service checked all the boxes"

Why Trend Micro

Back in 2013, after its move to virtualization was complete and its security woes were becoming evident, Essilor began its search for a new security solution that could protect both its physical and virtual environments. After a three-month proof of concept with solutions from Gartner and Forrester’s top five security vendors, the company selected Trend Micro™ Deep Security™ solution. “We wanted a solution that provided seamless integration with VMware vCenter management software and true agentless deployment. Deep Security™ for VMware® was the only solution that really worked,” said Surve.

When Essilor moved to AWS in 2016, the IT team evaluated Deep Security to protect its cloud environment. “We needed cloud security that included consolidated billing, a bring-your-own-license model, single-pane management capabilities, robust reporting, ease of deployment and use—and only Deep Security checked all the boxes,” said Surve.

Solution

When Essilor first chose Deep Security to protect its physical and virtual data centers, the company’s security management got a big boost. For example, the solution’s integrity monitoring tracks system changes and reports suspicious activity in real time, and the intrusion detection and prevention feature examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack— including zero-day exploits.

In moving to Deep Security for their AWS environment in 2016, the company gained a powerful, integrated security platform that automates several security functions by adding orchestration layers on premises and in the cloud, and provides a single pane of glass for managing data center and cloud security. Essilor also appreciated the ability to purchase Deep Security on the AWS Marketplace. “We wanted simplified licensing for Deep Security, and AWS provided a very positive experience that was similar to shopping on Amazon,” said Surve.

"In addition to increasing system performance by almost 50 percent, Trend Micro solutions provide the comprehensive security platform we need to secure our physical, virtual, and cloud environments, and to support evolving compliance requirements."

Results

For Surve and his team, all of Deep Security’s features provide value for the organization, but some stand out for him. One such feature is how the solution ensures protection by automatically providing an automated agent to any new builds, making Essilor’s compliance requirements easier to ensure. “By detecting when an agent is not installed, it helps us to maintain compliance requirements with HIPAA, PCI, and GDPR.” said Surve. “Deep Security’s features help us in our compliance efforts, and we can seamlessly manage security across all environments from a single-pane dashboard.”

“In addition to increasing system performance by almost 50 percent, Trend Micro solutions provide the comprehensive security platform we need to secure our physical, virtual, and cloud environments, and to support evolving compliance requirements,” said Surve.

What's next

While the future is still unfolding for Essilor, Surve and his team continue to focus on improving security and building threat intelligence across the organization. “We’re in the early stages of looking at Trend Micro™ TippingPoint™, a network security platform that can help us with real-time issue enforcement and remediation,” said Surve. Whatever the future holds, Surve continues to count on Trend Micro as a solid security partner.